USE CASE N°04

SECURE DATA EXCHANGE & NETWORK MEMBER IDENTIFICATION

The Internet of Things is set to grow exponentially in the coming years. But the availability of a large number of decentralized networks is creating significant challenges that need to be addressed:

• Interoperability: several protocols are used to connect devices - and no single platform links all devices from all manufacturers. Interoperability is therefore a key IoT challenge.

• Security: networks that rely on central server infrastructure as well as devices with a low level of security are increasingly becoming targets of attacks or can become single points of failure. Therefore not only data needs to be secured but also the networked devices.

As a consequence, high infrastructure and maintenance costs are becoming a burden for centralized network structures, while the demand for secure IoT solutions will rise with the inevitable security leaks.

RIDDLE&CODE has a robust solution to this challenge: RIDDLE&CODE combines blockchain and cryptography in order to create a tamper-proof digital identity for all (connected) physical objects.

This step is necessary to lay the groundwork and will enable our partners to build secure and reliable IoT business models on top of this.

How does RIDDLE&CODE’s secure IoT network work?

RIDDLE&CODE as a security solution provider uses blockchain interfaces not only to validate the transfer of data or digital objects, but also to provide a unique identity to all connected things. As a result, they can be ‘held accountable’ for their actions. This mixed approach works as follows:

RIDDLE&CODE assigns a hardware-based digital identity to all devices by equipping them with a highly secure cryptochip that stores all information about the device’s digital identity “off-the-bus”.

With every legitimate node then being registered on the blockchain, devices can easily identify and authenticate each other for various activities (sending of data, reception of data, transfer of digital goods such as currencies etc.) without the need for a central server authority. This enables a decentralized, global network that is scalable to support billions of devices without the need for additional resources.


Example: setting up a secure IoT network

This example shows how to set up a highly secure network, at both the hardware network structure level and the data transfer level, by securing it with RIDDLE&CODE’s hardware and software solution.

First step: upload software
Load the chips with RIDDLE&CODE firmware, which combines 5 APIs (Crypto Chip, Blockchain, NFC, BLE and Web) and is 100% Arduino IDE compatible. This massively lowers the entry barrier to crypto and blockchain technology and makes optimum use of developers’ time.

Second step: provisioning of the chips
Provisioning is the process by which the chip runs the Elliptic Curve Cryptography algorithm for the first time and creates the asymmetric key pairs (public and private).

RIDDLE&CODE’s strength is in the process of how the crypto key pairs are created and stored. The keys are created without any human intervention and are stored “off-the-bus”. This way, the private key is never exposed to anyone; it is not even known to RIDDLE&CODE.

Third step: attestation service
Immediately after the chips are provisioned, they are attested. This process consists of creating a new transaction (writing into the blockchain) and registering the device with its public key.

The attestation also includes an update according to any smart contract that might have been set up between the parties involved in order to guarantee certain processes for their IoT case.

Fourth step: embed chips into connected devices
Chips are then sent to the customer so they can be embedded into the connected devices, whatever they might be: sensors, actuators, cars, machines etc.

Fifth step: validation process
Once the connected devices are deployed in the network, RIDDLE&CODE periodically runs a validation process in order to check that none of the objects has been tampered with.

In order to do the validation, the connected devices send a request to RIDDLE&CODE’s BigchainDB instance through our Web API. 

Once the device has been validated, it has a unique identity, allowing it to safely store information and exchange it in a secure way with other devices.
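The provisioning, attestation and validation steps above can be sketched as follows; this is an added example, not RIDDLE&CODE code or its Web API. Assumptions: an in-memory map stands in for the blockchain registry, validation is modelled as signing a verifier-chosen nonce (the page does not specify the mechanism), the curve is P-256, and the device ID "sensor-01" is constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device models the crypto chip: the private key never leaves this struct.
type Device struct{ key *ecdsa.PrivateKey }

// Registry models the ledger as device ID -> attested public key (assumed layout).
type Registry map[string]*ecdsa.PublicKey

// Provision is step 2: the key pair is generated inside the device.
func Provision() *Device {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{key: k}
}

// Sign answers a verifier's nonce; only the signature leaves the device.
func (d *Device) Sign(nonce []byte) []byte {
	h := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, d.key, h[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// Validate is step 5: accept only a registered ID whose key signed this nonce.
func (r Registry) Validate(id string, nonce, sig []byte) bool {
	pub, ok := r[id]
	h := sha256.Sum256(nonce)
	return ok && ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	dev, nonce := Provision(), make([]byte, 16)
	rand.Read(nonce) // fresh random challenge per validation run
	reg := Registry{"sensor-01": &dev.key.PublicKey} // step 3 (constructed ID)
	fmt.Println(reg.Validate("sensor-01", nonce, dev.Sign(nonce)))
}
```

A device whose chip has been swapped, a signature replayed against a new nonce, and an ID that was never attested all fail `Validate`, because each check is bound to the public key recorded at attestation time.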

This process is seen as fundamental to preventing the bottlenecks described above that further IoT developments are in danger of running into: security as well as interoperability and maintenance. RIDDLE&CODE’s approach to software and hardware security not only addresses these issues but also lays the foundation for many future large-scale IoT deployments.